Dns name with egress network policy

firoshaq · March 5, 2021, 1:20pm

Asking for help? Comment out what you need so we can get more information to help you!

Hi Team,

I have been creating egress network policy using the official documentation under my name space in an AKS cluster. I am using calico network plugin. I see that in the documentation we are able to only use cidrrange but with openshit we were able to use both cidr as well as dnsname as mentioned from here. So could you please let me know if we have any alternative for specifying dnsname in aks as well because when I use the same I get get a resource not found error.

Any help would be appreciated.

macintoshprime · March 7, 2021, 3:43pm

Hi firoshaq,

Looks like the Calico CNI doesn’t support FQDN policies in the version that AKS uses (DNS policy is in their enterprise edition though.

I did come across another user who bumped into a similar situation on Azure and ended up using an interesting workaround using externalname services in this thread on reddit.

Outside of that I think the only other CNI that supports FQDN policies that I am aware of is Cillium but I haven’t given it a shot on AKS yet, Docs for installing.

Hope that helps!

Topic		Replies	Views
Need to create static ip on egress General Discussions	3	1894	August 28, 2023
Using NetworkPolicy To Block Certain Egress Target General Discussions network	2	1193	April 8, 2022
Core dns, calico issue because of variable hostname microk8s	0	323	February 16, 2024
Block egress to specific websites by dns General Discussions	7	4063	August 23, 2024
How to whitelist domain in Kubernetes pod using Coredns ACL plugin General Discussions coredns	2	1605	January 30, 2024

Dns name with egress network policy

Related topics